Slyck.com
 
Slyck Chatbox - And More

Microsoft warns about two apps that installed root certificates then leaked the private keys

What's happening in the technology world related to software. Please submit stories for this forum here.
Forum rules
PLEASE READ BEFORE POSTING: Slyck Forum Rules

Microsoft warns about two apps that installed root certificates then leaked the private keys

Postby bmh67wa » Wed Nov 28, 2018 1:34 pm

Story : https://www.zdnet.com/article/microsoft-warns-about-two-apps-that-installed-root





Microsoft has issued a security advisory today warning that two applications accidentally installed two root certificates on users' computers, and then leaked the private keys for all.

The two applications are HeadSetup and HeadSetup Pro, both developed by German software developer Sennheiser. The software is used to set up and manage softphones --software apps for making telephone calls via the Internet and a computer, without needing an actual physical telephone.

The issue with the two HeadSetup apps came to light earlier this year when German cyber-security firm Secorvo found that versions 7.3, 7.4, and 8.0 installed two root Certification Authority (CA) certificates into the Windows Trusted Root Certificate Store of users' computers but also included the private keys for all in the SennComCCKey.pem file.

In a report published today, Secorvo researchers published proof-of-concept code showing how trivial would be for an attacker to analyze the installers for both apps and extract the private keys.







In the 60's, people took acid to make the world weird. Now the world is weird and people take Prozac to make it normal.

zbeast wrote:80's porn is so strange big hair and lazy humping.
User avatar
bmh67wa
 
Posts: 3399
Joined: Sun Jul 28, 2002 10:32 pm
Location: sanctuary.darkservers.net:3456,4568 or 8888

Return to Tech/Software News

Who is online

Users browsing this forum: No registered users and 2 guests

© 2001-2008 Slyck.com